Five OS X security threats that fizzled

Harbingers of the great Mac malware infestation that has yet to materialize.

Macs have been relatively safe from the kind of viruses that plagued Windows users through the last couple of decades. But once it was revealed that a variation of Flashback was able to create a botnet of more than half a million Macs thanks to an unpatched Java vulnerability, users stood up and took notice. OS X has largely been free of viruses and worms up to this point, but that still doesn't stop unsuspecting users from being tricked into typing an admin password into a cleverly (or, sometimes, not-so-cleverly) disguised installer.

It should be noted that Flashback originally required an admin password as well, but eventually shed that requirement. But the recent Flashback hubbub wasn't the first indication that malware could affect Mac users—not by a long shot. In fact, the first versions of the Flashback trojan itself appeared as early as September 2011, so the latest outbreak wasn't even the first we've heard of this particular malware.

As Apple continues to increase its share of the PC market, Macs are becoming a viable target for malware authors, sprouting a handful or two of trojans in the last decade. Here are five in particular that were considered (by some) to be harbingers of a great malware infestation for OS X that instead proved to be more bark than bite.

Patient zero

One of the first well-known trojans for Mac OS X turned up in 2004. OS X by default hides file extensions, so it's possible for an executable to masquerade as some other file type, like an image or music file. If OS X is set to hide file type extensions, a file named "hot_pic_xxx.jpg.app" will appear to the user as "hot_pic_xxx.jpg". With a custom icon, an unsuspecting user might double-click the icon, launching the app instead of loading the supposed image in Preview.
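The masquerade described above can be checked for from the defender's side. The following is an added example, not code from the original article or from Intego: it flags items whose name puts a document extension in front of a launchable one, and (going slightly beyond the naming case) files with a document extension whose first bytes are a program header. The extension lists and every sample name other than "hot_pic_xxx.jpg.app" are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed lists: extensions a user expects to open in a viewer or player...
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".mp3", ".mov", ".doc", ".txt"}
# ...and extensions that make an item launch as a program when double-clicked.
LAUNCH_EXTS = {".app", ".command", ".pkg"}

# First four bytes of Mach-O and universal ("fat") binaries as stored on disk.
# cafebabe is shared with Java class files, which are equally out of place here.
MACHO_MAGICS = {
    bytes.fromhex("feedface"), bytes.fromhex("cefaedfe"),
    bytes.fromhex("feedfacf"), bytes.fromhex("cffaedfe"),
    bytes.fromhex("cafebabe"),
}


def classify_name(name):
    """Return a reason string if the name alone looks like a masquerade, else None."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in LAUNCH_EXTS and suffixes[-2] in DECOY_EXTS:
        return f"decoy extension {suffixes[-2]} before {suffixes[-1]}"
    return None


def sniff_executable(path):
    """Return a reason if a file with a document extension starts like a program."""
    if path.suffix.lower() not in DECOY_EXTS:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None  # unreadable files are skipped, not reported
    if head in MACHO_MAGICS:
        return "Mach-O/universal binary header behind a document extension"
    if head[:2] == b"#!":
        return "script shebang behind a document extension"
    return None


def scan(root):
    """Walk root and return sorted (relative path, reason) findings."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            full = Path(dirpath) / name
            reason = classify_name(name)
            if reason is None and full.is_file():
                reason = sniff_executable(full)
            if reason:
                findings.append((str(full.relative_to(root)), reason))
        # Do not descend into bundles: their internals are not names the user sees.
        dirnames[:] = [d for d in dirnames if not d.lower().endswith(".app")]
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: harmless files that only imitate the naming."""
    root = Path(root)
    (root / "hot_pic_xxx.jpg.app" / "Contents" / "MacOS").mkdir(parents=True)
    (root / "Preview.app" / "Contents").mkdir(parents=True)
    (root / "holiday.photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)
    (root / "song.mp3").write_bytes(bytes.fromhex("cffaedfe") + b"\0" * 16)
    (root / "notes.txt").write_bytes(b"#!/bin/sh\necho constructed sample\n")
    return root


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample_tree(tmp))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

The scan judges names and the first four bytes only, so a hit is a prompt for review, not a verdict.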

Mac security firm Intego spotted a trojan that took this method a little further by burying executable code in the ID3 tag of an MP3 file. Double-clicking the file would launch the trojan code in the ID3 tag, then play the MP3 inside iTunes to keep the user none the wiser.

At the time, Intego warned that the trojan could do all kinds of bad things like delete files, infect other MP3s, or send itself via e-mail. However, the exploit was merely a proof-of-concept that never went anywhere.

RSPlug.A

While subsequent trojans identified as malware turned out to be little more than harmless proof-of-concepts, Intego warned of a more serious threat in 2007 dubbed "RSPlug." This trojan pretended to be a QuickTime codec necessary to view videos from porn sites, but instead installed a DNS server that would redirect users to fake versions of sites like eBay or PayPal. These sites would capture users' logins to scam money from unsuspecting users.

Several variations later appeared that seemed to prey on the most naïve users, barely attempting to hide the fact that the installers were not from trusted sources. While Intego considered RSPlug a "critical" threat, it required users to enter an admin password before it could do anything unsavory, preventing it from infecting more than a tiny percentage of Mac users.

OSX.Trojan.iServices

Within a month of launching iWork '09 during Macworld Expo in January, a pirated version of the $79 productivity suite started circulating on the 'net stuffed with code which installed a backdoor in OS X. More variations of this same trojan appeared in various "pirated" apps, including Adobe Photoshop CS4.

Needless to say, this trojan didn't infect many users, either. While Adobe's rather expensive creative software was probably a much smarter payload target than Apple's budget office software, this trojan only infected casual "pirates" that probably learned a valuable lesson about paying for legitimate software licenses.

"MacGuard"

In 2008, malware authors tried to take advantage of unsuspecting Mac users by pretending to be virus scanning software. Dubbed "MacGuard," this malware caused fake virus infection alerts to appear on a user's computer, offering to rid the user of the virus by entering credit card information.

Fortunately, the app was poorly ported from a nearly identical Windows version, and didn't fool too many users before being identified by security vendors. Our advice then was to stick to well-known antivirus vendors, like Norton or McAfee, instead of unknown software begging for credit card numbers.

The same basic trick later appeared in a much more convincing form in 2011 as "Mac Defender." That software was much more sophisticated and at least had the appearance of a legitimate app. It took a couple weeks for Apple to acknowledge the problem and offer a software update that eliminated the malware, but that was after it appeared that the malware spread in relatively significant numbers. Though the true impact of Mac Defender remains unclear, it certainly brought the issue of Apple's responsibility in working against malware to light.

HellRTS.D

A new tool to install a backdoor in OS X was discovered in 2010, called "HellRTS." This malware required physical access to a computer to install, though Intego warned that the code could have been packaged as a trojan. This backdoor was actually a variant of exploit code discovered as far back as 2004, but fortunately never materialized in any malicious trojan.

Variants of RSPlug and later the Mac Defender trojan ultimately caused more concern, and Apple moved to update the anti-malware feature silently built into Snow Leopard in 2009 to identify and eliminate these potential threats.

An ounce of prevention...

As we have noted in all our coverage of potential Mac security threats, an ounce of prevention is worth far more than a pound of cure when it comes to computer security. Running as a non-admin user prevents most malware from installing itself in the first place, and turning off Java or Flash in your browser eliminates those popular exploit vectors. Furthermore, a heightened sense of skepticism when dealing with unfamiliar websites, e-mails from unknown senders, or software downloads from unverified sources also helps to reduce the likelihood of being the victim of a trojan or other malware.

Of course when it comes to Flashback, even being hyper aware wouldn't have helped much—malware is increasingly being injected into iframes on Google image search results and other sites that people widely trust. Users should remember that even sites they visit regularly have the potential to morph into attack sites if they're compromised and infected with exploits. Perhaps it's time for us to consider installing antivirus software as a rule, just like our Windows-using brothers and sisters.

51 Reader Comments

If it becomes necessary to install antivirus software to safely browse the web from my Mac (and I don't think we're close to that point yet), I will probably switch to Linux, FreeBSD, or whatever obscure-enough platform doesn't suffer continuous drive-by infection attempts. I've enjoyed a great decade of desktop computer use from OS X, and I don't look forward to the schizophrenic Linux desktop experience, but GUI is at most 10% of my computer interaction anyway. Obscurity is not security anymore than living in an isolated mountain cabin is security against theft, but it's something.

I kind of long for the days when every news story about Apple used the word "beleaguered" and unsuspecting MS users would automatically assume you knew nothing about computers if you were using a Mac.

If it becomes necessary to install antivirus software to safely browse the web from my Mac (and I don't think we're close to that point yet), I will probably switch to Linux, FreeBSD, or whatever obscure-enough platform doesn't suffer continuous drive-by infection attempts. I've enjoyed a great decade of desktop computer use from OS X, and I don't look forward to the schizophrenic Linux desktop experience, but GUI is at most 10% of my computer interaction anyway. Obscurity is not security anymore than living in an isolated mountain cabin is security against theft, but it's something.

I kind of long for the days when every news story about Apple used the word "beleaguered" and unsuspecting MS users would automatically assume you knew nothing about computers if you were using a Mac.

Or... you can just browse the web carefully. I use Windows without anti-virus... and I make out just fine.

Don't forget... there are over a million viruses, malwares and other threats on Windows... but only a handful of threats on Macs.

"Perhaps it's time for us to consider installing antivirus software as a rule, just like our Windows-using brothers and sisters."

Or perhaps it's time for content hosts like YouTube, Google, etc., to malware-scan files as they're uploaded to their sites. This is what I do on my systems, and it's not a problem. Should the end-user practice safe computing? Absolutely! Do content hosts carry some level of responsibility for the content they carry? I believe so. Reject uploads that contain malware. Reject all uploads from someone who habitually attempts to upload malware.

I would add in to this article that if users on a Mac or Windows systems want an extra layer of protection from these threats they should take a look at using OpenDNS instead of their ISP's DNS servers as OpenDNS has added in filters for this exploit:

I also agree with Michael Scrip, learning how to browse the web carefully is a good idea. Also using alternate browsers than the default Safari and/or IE is a good idea too. There is a lot we can do to protect our computers from security threats. Normally it starts with the user being more educated as to how their system works.

Still, on the Mac (OSX) and iPhone/iPad/iPod (iOS) you are ahead of the curve on security issues.

But they should become aware of what sorts of behavior are risky: 'acquiring' cracked software, bootlegged movies, illegal porn, even lyrics to popular songs are frequent infection vectors, since the servers that host illegal/stolen content are typically beyond the reach of law enforcement.

And, of course, they should make sure their OS and applications are all patched and up-to-date. (Unfortunately, Apple does not tend to put out security patches for previous OS releases, pushing users, instead, to upgrade to the latest OS version. That's very good advice -- as long as the upgrade doesn't 'break' OS support for applications or hardware drivers that the user depends on.)

As MacWorld's in-house security expert, Rich Mogull, wrote early last year in his "Pay Attention -- Don't Panic" article on the Mac Defender malware epidemic, "Windows 7 is actually more secure than OS X," but Apple *is* improving security with each new version.

One of the most important things they have been working on is anonymization of code libraries, much like MS has done with Windows -- which is one of the things making Win 7 so much more secure than OS X or previous versions of Windows.

Most Windows-facing malware targets the far more vulnerable XP; fortunately, MS has long had a policy of supporting previous OS versions -- and regularly issues patches across Windows going back to 2001 when XP was introduced, although that support for XP is scheduled to end in 2014. XP is a big deal, though, because it was such a stable, efficient OS that 40% of computer users still are using it.

Like the writer above, I use Windows without resident anti-malware software, even though I use the relatively less secure XP, primarily because my machine is over 6 years old, cost $400 refurbished, yet delivers snappy performance similar to that on much faster computers that use OS X or unoptimized Vista or Win7.

The Flashback malware installed via the Java vulnerability is almost everywhere referred to as a trojan, despite it needing no user interaction and involving no masquerading. It doesn't seem like a trojan, except perhaps in the sense that the payload was originally delivered in the form of a trojan.

The malware neither takes the form of a modified file nor does it replicate itself, so it also doesn't seem to be a virus or worm. Should there be a new category of malware, say "drive-by"?

It's not like Windows virus-scanners are very good at detecting drive-by infections...Why expect success from OSX virus-scanners?

Sophos are trying to capitalise on this recent hype, but their scanner didn't have detection for the Java exploit (http://www.sophos.com/en-us/threat-cent ... lysis.aspx) until the day before Dr. Web claims that they'd found 600,000 infections of Flashback. The Control and Command domain names had been registered for over a week. Not really worth giving up performance and stability for is it?

Kaspersky released a removal tool, which caused more damage than the Flashback trojan and had to be withdrawn.

These companies keep putting the scary messages out there, but in 15 years of working with Windows, I've lost more time fighting with AV software, than fighting malware infections.

The knee-jerk "OSX users should install AV as standard" line is way off the mark at this point in time.

Once I had a PC with virus protection, it was not good for anything but checking for viruses, malware, trojans, and spyware. I got rid of that problem by throwing all the window PCs in the trash and bought an iMac. I have never regretted my decision. I appreciate Apple's walled garden approach. Unfortunately for Microsoft they can not control both the software and hardware.

Pertaining to Flashback, Apple researched the problem, created a solution, and if users are smart enough to keep their systems updated, the so called trojan is completely removed. Could they have been faster, probably? Do they still provide excellent customer service, definitely.

I installed Sophos free anti-virus to check for things on occasion. It never finds anything. Users need to change their behavior. One step in the right direction is rarely if ever install anything that you have not researched, purchased, and do not have a valid license code for. Free is not always free.

The suggestion that a file named "hot_pic_xxx.jpg.app" will appear to the user as "hot_pic_xxx.jpg" when extensions are hidden has never been true. Finder will never remove a filename extension if the remainder of the name would look like it has a filename extension.

Try it yourself! Create a file named "hot_pic_xxx.jpg.app" and try to hide its extension. You can't.

Microsoft Security Essentials is great and free. Apple makes enough money that they can provide free antivirus too. For what you pay for a mac, Apple should come to the house weekly and dust it!

The comment about not showing file extensions is good, but windows 7 now does the same thing. However, few people know what file extension under windows can hold malware.

Under linux, there is little closed source software. The only binary I have on my linux installs is Google Earth. Everything else comes from repositories for the most part. The repository is like an app-store, but free. So you have less of a chance of getting malware under linux simply due to the software sources.

Lastly, there is SE linux. This is basically NSA extensions to the OS. Really a PITA. Opensuse has SE, but supplies app-guard or something like that.

IMHO, if you are leaving the mac or windows, opensuse is the way to go. It is enterprise grade software that is easy to use. Whenever I build a new PC, I flog the current linux distributions, but stick with opensuse.

Pertaining to Flashback, Apple researched the problem, created a solution, and if users are smart enough to keep their systems updated, the so called trojan is completely removed. Could they have been faster, probably? Do they still provide excellent customer service, definitely.

You are forgetting this was a relatively benign exploit. Had it been coupled with a rootkit or something it would be far harder to detect and remove. The next time it might... Even though I say this as a Windows user (and no I really don't feel at all smug about this I wouldn't wish a compromised machine on anyone) but MacOS really has had it a bit too easy over the last few years. It's easy to look good when you don't have to do much.

Quote:

I installed Sophos free anti-virus to check for things on occasion. It never finds anything. Users need to change their behavior. One step in the right direction is rarely if ever install anything that you have not researched, purchased, and do not have a valid license code for. Free is not always free.

Exploits like this are all too easy to upload to ad networks and get onto even legit mainstream sites. Even the standard mitigation strategies such as "don't run as admin" don't help if they configure your browser with a malicious password stealing plugin (from your account) or configure rogue proxy settings, etc. Even antivirus is retroactive and not proactive.

Also, all those millions of "viruses" for windows are largely just variants on a much smaller number of (typically flash/java exploits or trojans) codebases to evade antimalware products (1st thing they do is upload to virustotal.com to see if they get any hits), add new exploits or just to give control to different sets of crims. There is a critical mass issue here, once some effective exploit tools hit the black market then those of less technical expertise can repackage them as they please together with custom payloads.

Personally, I don't run as admin, uninstalled Java & QuickTime years ago, filter flash from running on most sites (white list only), use software restriction group policy to block all exe code from non system locations from running, forced ASLR (MoveImages = 0xFFFFFFFF), SEHOP, and DEP on, and monitor my firewall & security audit logs. And Patch, patch, patch! I also run Microsoft Security Essentials (unnoticeable performance impact on my system). All good stuff, but given the amount of crap out there I still avoid dodgy sites & don't download wares as even all that is < 100% protection...

Microsoft Security Essentials is great and free. Apple makes enough money that they can provide free antivirus too. For what you pay for a mac, Apple should come to the house weekly and dust it!

The comment about not showing file extensions is good, but windows 7 now does the same thing. However, few people know what file extension under windows can hold malware.

Or really any OS. One little buffer overrun in a media decoder lib somewhere and BOOM that mp4 file is now a potential vector.

Quote:

Under linux, there is little closed source software. The only binary I have on my linux installs is Google Earth. Everything else comes from repositories for the most part. The repository is like an app-store, but free. So you have less of a chance of getting malware under linux simply due to the software sources.

That is of course the main difference, as long as the repositories are secure. Even open source isn't any guarantee unless you personally vet all the code before compiling it...I have personally seen an open source project from sourceforge try to install an adware browser bar extension.

But they should become aware of what sorts of behavior are risky: 'acquiring' cracked software, bootlegged movies, illegal porn, even lyrics to popular songs are frequent infection vectors, since the servers that host illegal/stolen content are typically beyond the reach of law enforcement.

And, of course, they should make sure their OS and applications are all patched and up-to-date. (Unfortunately, Apple does not tend to put out security patches for previous OS releases, pushing users, instead, to upgrade to the latest OS version. That's very good advice -- as long as the upgrade doesn't 'break' OS support for applications or hardware drivers that the user depends on.)

As MacWorld's in-house security expert, Rich Mogull, wrote early last year in his "Pay Attention -- Don't Panic" article on the Mac Defender malware epidemic, "Windows 7 is actually more secure than OS X," but Apple *is* improving security with each new version.

One of the most important things they have been working on is anonymization of code libraries, much like MS has done with Windows -- which is one of the things making Win 7 so much more secure than OS X or previous versions of Windows.

Most Windows-facing malware targets the far more vulnerable XP; fortunately, MS has long had a policy of supporting previous OS versions -- and regularly issues patches across Windows going back to 2001 when XP was introduced, although that support for XP is scheduled to end in 2014. XP is a big deal, though, because it was such a stable, efficient OS that 40% of computer users still are using it.

Like the writer above, I use Windows without resident anti-malware software, even though I use the relatively less secure XP, primarily because my machine is over 6 years old, cost $400 refurbished, yet delivers snappy performance similar to that on much faster computers that use OS X or unoptimized Vista or Win7.

It's nice to be able to buy a really nice computer for 400 bucks unless you're the guy that bought it new for 1200. It's much nicer to be the guy that can sell his 4 year old iMac for almost what he paid for it if you're the guy that bought it new though.

As far as Windows 7 being more secure than mac I don't know what proof you have of that. I see Microsoft putting out security updates all the time. That means yes they are more secure after the updates but they had to make an update because they were insecure to start with. OSX isn't impenetrable and has flaws that can be exploited but it has proven to be pretty resilient against actual attacks to date. I guarantee if you go look at the number of infected windows 7 machines the % is way higher than the 1% that flashback managed.

> As Apple continues to increase its share of the PC market, Macs are becoming a viable target for malware authors

Sorry, but that's an ignorant statement. Macs have been a viable target for well over a decade and you'd know this if you bothered to perform a modicum of research. Mac OS 9 in the 1990's??? Hello?

When the Mac had an inferior architecture with Mac OS 9 and there was LESS marketshare, there were scores of trojans AND viruses propagating in the wild for the Mac platform. Millions of computer owners with a demographic of higher income than most PC users certainly made Mac OS 9 a "viable target" and that's WHY there was so much malware.

It wasn't until Apple switched to the Unix-based OS architecture with Mac OS X 11 years ago that the trojans (mostly dissipated) and viruses tanked and this has coincided with HIGHER marketshare. It's the architecture, stupid.

The marketshare myth was disproven over a decade ago. I guess you didn't get the memo?

Do you guys write uneducated statements like this for linkbait or do you just not know what you're talking about?

Rich Mogull, wrote early last year in his "Pay Attention -- Don't Panic" article on the Mac Defender malware epidemic, "Windows 7 is actually more secure than OS X,"

Rich Mogull was destroyed in the comments section. He didn't really know what he was talking about. Touting things like ASLR as some sort of holy grail of security for Windows 7. Did ASLR make Mac OS 10.7 more secure when it got it? Yes. Was Mac OS X less secure than Windows 7 in real world security before it had ASLR? Shit, no.

DEP + ASLR was already bypassed in Windows 7... for Windows 7, it's lipstick on a pig. Sounds great in theory, but hacked in the real world.

Let me guess, now you're going to tell me that Macs are less secure because of the "pawn" contests, correct? All those contests show is that all platforms have weaknesses. Chrome was the first to go down recently and "get pawned", but Chrome is still the most secure browser. They focused on Chrome first because it hadn't been brought down in the contests by that point.

Rich Mogull, wrote early last year in his "Pay Attention -- Don't Panic" article on the Mac Defender malware epidemic, "Windows 7 is actually more secure than OS X,"

Rich Mogull was destroyed in the comments section. He didn't really know what he was talking about. Touting things like ASLR as some sort of holy grail of security for Windows 7. Did ASLR make Mac OS 10.7 more secure when it got it? Yes. Was Mac OS X less secure than Windows 7 in real world security before it had ASLR? Shit, no.

DEP + ASLR was already bypassed in Windows 7... for Windows 7, it's lipstick on a pig. Sounds great in theory, but hacked in the real world.

Let me guess, now you're going to tell me that Macs are less secure because of the "pawn" contests, correct? All those contests show is that all platforms have weaknesses. Chrome was the first to go down recently and "get pawned", but Chrome is still the most secure browser. They focused on Chrome first because it hadn't been brought down in the contests by that point.

What are you blabbing about?! You have absolutely no idea what you are talking about.

pawn? this is now chess - p0wn like you own it, you got p0wn3d

And we wonder why 650k macs got infected with this zero day... just wait for the next... then the next...

Obscurity is not security anymore than living in an isolated mountain cabin is security against theft, but it's something.

Computer "security through obscurity" is a disproven theory perpetuated by writer hacks instead of security hackers. Mac OS 9 had far more trojans AND viruses when the Mac platform had LESS marketshare. The difference is the architecture, not the marketshare.

Millions of computer users with a higher income demographic is certainly alluring enough and all the malware for OS 9 proved that over a decade ago. The reason malware dropped so drastically while marketshare for the Mac platform went UP was because the Mac OS architecture changed to a superior UNIX-based OS (Mac OS X). It was the superior architecture that lowered the malware on the platform.

Sigh... it's amazing and saddening how little critical thinking skills are applied with this stuff. If "security through obscurity" truly worked, then Mac OS 9 should have had far LESS malware than Mac OS X when it had less marketshare. But, it didn't. It had FAR MORE.

Here, I'll let the Urban Dictionary destroy you... have fun yelling at that website in frustration:

" ... The original origin of the word "pwn" was a typo, probably from a high-speed chat, of the word "own". ... When "own" and "owned" became "pwn", "pwned" and "pwnage", the words came to mean the same thing; dominance and superiority. The new word "pawn" is very similar in the sense; its plain definition is to belittle or reduce someone or something to pawn status, essentially, "owning" them. ... "

You've just been pawned, danstl... and it was easy. Are you embarrassed now? Good.

You've just been pawned, danstl... and it was easy. Are you embarrassed now? Good.

I'm pretty sure fighting over what "pwn" means (with a complete stranger on the internet) should leave you feeling a little bit embarrassed. That you are now chest-beating about a supposed victory (in a post with an outrageous number of grammatical errors) in that very same debate certainly means you should be.

After about 15 years of being online, I've never run a virus scanner, and I've gotten exactly one virus. I had a few more issues with spyware, but all it took to correct that was switching to Firefox. Anyway, that one virus I got was 100% my fault. I was running Windows 2000 at the time. And, being a cheap, dumb teenager who wanted to play some stupid game without paying for it, I attempted to download it illegally. It looked fishy, but I tried it anyway. And, lo and behold, my system was infected. I kicked myself for being stupid, and proceeded to reformat. Lesson learned.

I ended up switching to OS X in 2008, and I've been thoroughly enjoying it. But, security was never an issue for me. It didn't motivate me in any way to make the switch. I knew going in that OS X was, at least in part, secure because it wasn't as popular as Windows. News of these new threats mean nothing to me. They won't change anything about how I operate: Show basic discretion, keep the system up to date. Simple as that.

Holy Apple fanboy denialists, Batman. Let's face it, your Mac OS X is just as hackable as any other OSs.

"Nuh uh uh! But Macs can't viruses because Apple has told me so!" - Yes, keep on drinking that Kool-Aid... Apple and Mac users' arrogance will be the end of the Internet as they infect millions and millions of computers through their own denials and casual dismissals of the most basic security measures.

Anyone who thinks that any system that runs unsigned (or self-signed, lol) code from the internet will ever be secure has rocks in their head.

Even signed code, given the CAs that have been hacked lately, should be viewed with skepticism.

Windows users pointing the finger: you're in a glass house

Linux users pointing the finger: the number of security vulnerabilities for Linux software out there is similar to Windows.

If you're claiming that OS X doesn't get owned due to minimal market share, take a look at linux as well. Yes, SElinux is more secure, but very few actually run it. The only thing keeping desktop linux secure at the moment is the massive amount of fragmentation and limited user-base.

Holy Apple fanboy denialists, Batman. Let's face it, your Mac OS X is just as hackable as any other OSs.

"Nuh uh uh! But Macs can't viruses because Apple has told me so!" - Yes, keep on drinking that Kool-Aid... Apple and Mac users' arrogance will be the end of the Internet as they infect millions and millions of computers through their own denials and casual dismissals of the most basic security measures.

F-Secure, arguably a company with an interest in increasing their own marketshare, disagrees with you.

Here, I'll let the Urban Dictionary destroy you... have fun yelling at that website in frustration:

" ... The original origin of the word "pwn" was a typo, probably from a high-speed chat, of the word "own". ... When "own" and "owned" became "pwn", "pwned" and "pwnage", the words came to mean the same thing; dominance and superiority. The new word "pawn" is very similar in the sense; its plain definition is to belittle or reduce someone or something to pawn status, essentially, "owning" them. ... "

You've just been pawned, danstl... and it was easy. Are you embarrassed now? Good.

OK well you missed what I was saying and no you are still wrong it is not PAWN to OWN

that link you provided is the ONLY site I have ever seen it Pawn-to-own... Search for pawn-to-own and see what you come up with... I have never in my life heard anyone say pawn to own...

The only thing I find for "pawn" is:

Quote:

A racial slur for all Russians/Ukrainians.That Russian faggot named Gene Sirovsky is a pawn.

anyway I guess it's fine if you never decide to run AV on your... it's yours anyway...

Quote:

PwnageBasically means to rule over another person, or to get told/killed(in fps and MMO)/raped/etc. Commonly used now and is a common trend amongst most people to say it. Pwnage is pronounced "OWN" and usually people spell Pwn as Own. People also pronounce it incorrectly as "Porn" and "Poan". Present tense: PWN (I pwn all ur asses) Past tense: PWNED (YOU GOT PWNED !!!111oneoneone) Adjective: PWNAGE (Fear my PWNAGE!!!) (may be in lower case)

This is so stupid... what have I done...

Or here is another one

Quote:

The name "Pwn2Own" is derived from the fact that contestants must "pwn" or hack the device in order to "own" or win it. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

I'm pretty sure fighting over what "pwn" means (with a complete stranger on the internet) should leave you feeling a little bit embarrassed.. an outrageous number of grammatical errors...

It's interesting you focus on me instead of the person who initiated the trite semantic bullshit in the first place. Maybe go back and read my initial post the pawn was "responding" to instead of diving into yet more trite distractions from the points I made (just like he did).

You could have gathered that much earlier when I mentioned you were an infant partaking in trite semantics. Look up "trite" when you get a chance. What a bore.

danstl wrote:

I guess it's fine if you never decide to run AV on your

You seem mentally unstable. I've never mentioned anything about running AV or not on my anything. Considering I run Windows XP and Windows 7 on my machine it would be pretty insane not to do so. On OS X, I have ClamXav.

Holy Apple fanboy denialists, Batman. Let's face it, your Mac OS X is just as hackable as any other OSs. "Nuh uh uh! But Macs can't viruses because Apple has told me so!" - Yes, keep on drinking that Kool-Aid... Apple and Mac users' arrogance will be the end of the Internet as they infect millions and millions of computers through their own denials and casual dismissals of the most basic security measures.

How old are you? Is trolling something you do to ease the pain of a life not lived to the fullest?

Holy Apple fanboy denialists, Batman. Let's face it, your Mac OS X is just as hackable as any other OSs.

"Nuh uh uh! But Macs can't viruses because Apple has told me so!" - Yes, keep on drinking that Kool-Aid... Apple and Mac users' arrogance will be the end of the Internet as they infect millions and millions of computers through their own denials and casual dismissals of the most basic security measures.

The end of the internet?! If careless user behaviour coupled with very insecure OSes would cause the internet to end, it would've happened years ago. Because of Windows!

DEP + ASLR was already bypassed in Windows 7... for Windows 7, it's lipstick on a pig. Sounds great in theory, but hacked in the real world.

I think you're talking about JIT spraying; try doing this remotely, against many machines... If you want to talk about something that works in the real world, then you must wait until someone figures out how to disable ASLR, like here: http://www.vnsecurity.net/2012/02/explo ... erability/

If someone wants to do this, then they must bypass many other mitigations, not only ASLR. And ASLR is not a panacea; it is only a mitigation. There are techniques to bypass/defeat mitigations, and there are techniques against those techniques: https://media.blackhat.com/bh-us-11/Tsa ... ack_WP.pdf

Both sides are aware of this and still play cat and mouse. In the real world, bad guys use attacks against software, not the OS itself. If there is a small window of opportunity (like with Flashback), they take a chance.

"Perhaps it's time for us to consider installing antivirus software as a rule, just like our Windows-using brothers and sisters"-

No chance. A couple of dozen trojans in a decade are not a good reason to make my Mac sit down every day because it needs to scan the media for malware that doesn't exist. It's a well-known fact that the Mac antiviruses mostly scan for Windows-infected files. Their purpose is to not share with Windows users files that could be harmful for _them_.

And please don't give us the old joke that "Macs don't get viruses because there are few Macs around". Apple is the first company in the world, and because of that probably the most hated by the anti-conformist wannabes. If there are only a few malware for OS X, it is because it's nearly impossible to make them, not because the cyber-criminals don't want to. The fact that every installation must be authenticated is a good enough protection for them to give up.

I think it's worth people remembering that while browsing carefully is a good practise, it's far from perfect. Obviously everybody's experiences differ, but the more recent version of Flashback only highlights that a virus can get into your system via means that even a careful, knowledgeable user may not necessarily be aware of. Since it was able to use an exploit in another piece of software, Flashback effectively bypassed most of Mac OS X's security features; something which is just as possible on Windows, Linux and other systems, which is why sandboxing is becoming so much more prevalent as a means of stopping unexpected behaviour.

So while I do trust Mac OS X as an OS, running your computer without protection is always going to be riskier than installing *something* to help out. While the user is the real first line of defence to a system, it's never a bad thing to have anti-virus software as a back-up when you make a mistake, or an unexpected new exploit rears its head. Besides which, the majority of users out there are by no means experts when it comes to security practises!

The fact that every installation must be authenticated is a good enough protection for them to give up.

In Windows since Vista too, but still many users piss on that and do stupid things... but many learn from mistakes.

I recently installed from scratch Windows 8 CP. It installs as administrator. It isn't a user fault, it is how that crap is designed. Unix had the user and superuser spaces since when it was born. That's the main difference.

And I already said not to tell the joke that OS X doesn't get viruses because it isn't popular! It's pretty easy to set up a hackintosh on a cheap Windows machine. Who really wants to do some virus research on OS X for free can easily do it. But still, no matter the many Apple hateful people, there are just a few advisories about a few trojans.

Also, someone should explain why Flashback compromised Macs mostly in NA. Even worse, Canada, where given its population it's as if all Canadian Macs got compromised. Are we sure that 700k number is reliable? The source (Dr. Web) has more than one reason to be angry at Apple...

I recently installed from scratch Windows 8 CP. It installs as administrator. It isn't a user fault, it is how that crap is designed. Unix had the user and superuser spaces since when it was born. That's the main difference.

The user account created during installation gets two tokens, home group and administrator; by default the user works as 'home user', and when some task needs higher privileges, then the UAC prompt shows and asks to grant the admin token.

Quote:

When UAC is enabled, all user accounts—including administrative accounts—run with standard user rights. This means that application developers must consider the fact that their software won't have administrative rights by default.

Who really wants to do some virus research on OS X for free can easily do it.

You don't understand; it's not a matter of research, but of how valuable this research is. Most people dig where they can do more "damage". Who is spending time and probably money on research on an OS that has a 9% share of the market? Like we see, someone started doing that...